 one. That always works. Isn't this exciting? The first PHP conference in Singapore. How cool is that? Come on, big hand to the organisers because it takes a lot to put on these conferences and we're really proud to support it and we hope that it continues for future years. Who wants another one next year? No, they haven't finished this one yet. We'll get to that. So hello everyone. I am Stephen Cooper, also known as developer Steve on the internet. I am from a company called PayPal, which I'm sure you're familiar with in some regards, and also a company called Braintree, which we'll get to in a minute. I'm a developer advocate for both companies, so I get to travel around hanging out with amazing developers like yourselves, which is really cool because I get to meet some amazing devs, and it's awesome to be here in Singapore. This is one of my favourite countries to come visit. I do love Singapore. I haven't been here for a couple of months, but flew in last night and I was like, yeah, I like Singapore. And it's good that you put on the cooler weather for us. It dropped two degrees since my last visit. It's amazing. So yeah, I am developer advocate. I get to travel around a bit. I've done a quarter of a million kilometres in 12 months and covered some 90 odd events throughout the region. So I do frequent airports quite a bit. I do do bag selfies. That's a thing. And I love Singapore that much. I actually carry in my 30 kilos of luggage. I actually carry a kopi with me wherever I go because I love kopi. It's really good stuff. So I'm from PayPal. We have some really amazing APIs. We've been doing payments a long time. We know payments really, really well. One of my favourite APIs, adaptive payments, but you do something called chain payments. So you're basically the conduit between buyer and seller. Amazing APIs. And Braintree, which is exciting to launch that this year in Singapore for the first time. So it's Braintree is used by companies like Airbnb, Uber, GitHub, just to drop a few names, and allows frictionless payments, which is really, really cool. 12 lines of code, which we'll look at soon. I've got a demo which demo gods permitting will actually work, hopefully. But yeah, 12 lines of code, PayPal, credit card, and when it launches here, Apple Pay, Android Pay, and Bitcoin. And whenever a new integration comes in, it works in the same build. So really, really cool. We will get to that, though. So this talk today is something I sort of dreamed up earlier on in the year, and I thought, wouldn't it be cool to do a fairy tale using our APIs and SDKs? Because they're really easy to use. So I thought, make it a bit fun, make it a bit interesting. And to do that, I thought, why not use actors? Yes, actual actors. What kind of? So a tale begins in the kingdom of binary. Just a warning, expect loads and loads of puns, all right? This presentation is absolutely full of them. So this is my actor, one of them. There's a few. I originally wrote this to, with the intention of using actors, and I actually had real actors lined up and then thought, I have to write a stage play to go with this as well. And actors don't like travelling in suitcases very much, so this could get a bit tricky. I'll use digital actors instead. So I don't know if you can tell. I did my own pixel art. So our actor, and I set background music just for that added touch for each scene. So this is Pixel Pete. And Pixel Pete is a bit of a wizard when it comes to code. Pixel Pete lives in the kingdom of binary. And basically he integrates websites, he integrates payments, he builds all sorts of websites in his village. Slight pause. For effect, this is all part of the show. Oh, and we're back. We're good? Okay. So Pixel Pete lives in the village of binary. He's a very, very well known code wizard. One day he gets approached by one of the king's guards to go on a bit of a quest. He's been summoned to go see the king, because they're having a bit of a problem with their payment systems. So he needs to go help the king solve the kingdom's problems when it comes to payments. And he has to go see the king without the puns, which there's not much sense of that happening. So he sets out to go see the king. He lives quite a fair way away, so he has to travel a little while. So he heads off down the M1 and hits a bit of a traffic jam. There's roadworks on, because there's always roadworks when you're trying to go somewhere. So he takes a detour, ends up on the M2. There's another traffic jam there, because that always happens. So he ends up at a nice bed and breakfast at the coastal town for one evening. And then the next morning sets off to go see the king, and ends up in the kingdom. So Pete ends up in front of the king, ready to hear all about his payment quest. So the king basically has had a lot of problems with the PCI daemon who has been plaguing the kingdom, trying to steal all sorts of sensitive PCI credit card information, which they've been storing on server, which you never ever do. So Pete has to set out to try and find a new way to basically do payments, a safe way to be able to facilitate all the payments for the kingdom through a PCI safe method to transact and stop the PCI daemon from doing all these nasty things. To do that, he needs to go to the main of the APIs to see the keeper of APIs to find out how they can tokenize payments and keep things all nice and secure. So the king's going to take him to the library and show him how to enter the domain of the APIs using Braintree. So first step, they're going to head to sandbox.braintreepayments.com, grab some merchant credentials, the key, which you can then use to drop into side some PHP code because PHP is awesome. So we call in the Braintree PHP SDK, dropping our merchant credentials, like so. Generate a client token, which is really important. So this is then used inside some JavaScript to basically make a nice little very secure, very session- orientated payment box to do a really safe payment and keep the PCI daemon away, which looks something like this. So this will basically then generate inside any sort of form and be able to facilitate credit card PayPal straight out of the box and then later on when any other payment gateways get added, any digital wallets are added all in the one integration. That's Braintree. So once the user fills out their credit card information, hit submit, a payment method nonces attached to the form, which then uses part of your post and you do the transaction. Totes easy. So he now has what he needs to be able to enter the domain of the APIs. He now has the key. So going to set out on another road trip. Thankfully this time there's no traffic, so get there rather quickly. So he heads out to the domain of the APIs, which is located on a lovely little island just north of the island of the main continent. So he uses the key to teleport over. It's rather magical and ends up in the domain of the APIs. Oh, it's a magical place. So the keeper of the domain of the APIs and all things green approaches him to be able to show him how to tokenize a credit card, which takes the key to a whole other level. This is basically what Uber do, Uber in the magical kingdom. Uber do to basically set up user accounts. Uber you set up an account, you attach a payment method, you get a token back and from that point on, you just use the token to do transactions. So you don't store any credit card or financial, sensitive financial information on your website. So he's basically going to help him stop the PCI demon and teach him about all things green. No, he's going to teach him how to tokenize credit card. So for that, we're going to try a live demo. Oops, not supposed to see that one yet. Forget you saw that one. All right, let's make some code bigger. There we go. All right, so here's a demo I've got set up. That's is, I know, here we go. There we go. All right, so this is basically some little bit of PHP that just steps through how you can basically tokenize a credit card, create a customer inside brain tree, tokenize a credit card, and from that point on, you can just use the token to do any transactions you need to for the user. So I've got this three steps. First step, index file, I'm just creating a customer inside brain tree and attaching a payment method. And the second step, I attach the payment method and the third step, just transaction. So and then I've got a config file with my merchandise and I didn't want to copy paste a number of times. Makes it a little bit easier. And this, this and a whole bunch of other demos are on my GitHub, github.com slash developer Steve. So let's hope the demo gods like that. So I'm going to refresh the page. The first thing it's going to do is create a customer inside brain tree, which looks just like that. And then I'm going to generate a client token, which is used to create this wonderful little payment box here. And inside that, I can use PayPal or credit card. The good thing with this box is if everyone's familiar with some of the classic PayPal API is a redirect your way you log into the website. This one actually has a nice little pop up that appears on the page. So user does not leave this page, user stays on the page. For this, I'm going to use credit card. So I've got my custom ID, which has just been created inside brain tree. Type in my credit card. No one copy down that number. Unlimited credit. Hit store payment in vault. So this is basically going to store it against that custom ID inside brain tree and return a token. And it works. The internet's happy. So I've got a vault token back here, which I can then use as I need to with my merchant credentials. And these tokens are only specific to this merchant. I can use that token to do transactions for that customer whenever they use my service, whenever they buy a product. Basically they don't need to re-enter those details from that point on. So I can do a transaction now and it worked. So I have a transaction ID just there. That's it. It's really easy. And so powerful you can stop the PCI demon with it. Go back into the mystical chamber. So he now has what he needs to be able to stop the PCI demon. He's now powered up too. So now he can go take on the PCI demon and bring back something green. No, he's just going to go take on the PCI demon. And for that, this time he's just going to teleport because it's a little bit quicker. And after some magical words, he appears in the PCI demons chamber. Hear the music. It's really scary now. So he's basically ready to take on the PCI demon. So the PCI demons been stealing all sorts of credit card information. So and just for the record, you never store PCI, you never store credit card information on your server unless you're like super, super PCI compliant. Something you never store on the server. We can store it for you. You get back a wonderful little token. Super secure. So now he's ready to take on the PCI demon with tokenization. So the PCI demons basically going to try and steal all the credit cards, which is what he's been doing. But he can't do it with the brain tree vault because it's all secure. It has lots of nice king guards around it. And we always worry about all the compliant side of things, all the PCI side of things, keeping everything all nice and safe and secure. That is the magic. And the best part is you can't even scrape it through that little drop in UI because again everything's that little drop in UI loads from our servers. So everything is kept all nice and safe. You can't lift off what the user enters into that little box. Like everything is kept all secure, all safe. Which really upsets the likes of the PCI demon. That got everyone's attention. And you can zap them away. Which kills off any demons and keeps all your users all nice and secure. Which also means the keeper of the main APIs and all things green gets his green gems. So back in the king's chamber the king's obviously is static that everything's been sorted out for him. Users already spread because the internet and Reddit have already spread the word that everything's kept all nice and safe. There we go. Late entrance. Actors. So back in his village he's all nice and safe. He's back from his quest and he's ready for his next one. Haha. No, just kidding. That's for next time. So that's basically me. That was basically the magic of Braintree. That's what we do so well. So we have launched Braintree here this year. I don't know if anyone's used it yet. I hope they have. If they haven't then more than happy to talk more and take any questions. And yes this was all done in PowerPoint just saying. I always get asked what did you use. Yes it was PowerPoint. So yes questions. Oh, I have one. Any question. Hello. So the credit card information is replaced by a token right. Yeah it's stored by token. Okay. What if the token is compromised? What if my server is compromised and a hacker stole the tokens and maybe he can read also the config PHP. Yeah so we you can reissue those tokens so you can force a like a full reissue so that they're all invalidated. We monitor things on our side as well to be able to detect any sort of fraudulent behavior. We know the session IDs as well. So all that when we when we do the client token generation. We know that that's specific to that user using your merchant credentials so it helps us to be able to keep an eye on things to make sure it's all secure. But before we regenerate those token the hackers could use the token first to do a transaction right. No if they regenerated the users have to reauthenticate, re-save new information. So yeah it's it's a lot harder to do that with the tokenization side of things. And the second question is the form customizable in terms of looks. Yep so that was using drop-in UI which basically generates it all for you. There's another version called hosted fields where you can customize everything. Even the inner inputs that load inside so basically loads all those inputs individually as opposed to the entire box. Everything even the inner shadows loaded from the frames from our server is fully customizable in the JavaScript. And even the JavaScript callbacks are all loaded as well. It's really cool. That's another talk with a whole bunch of other characters. Okay so I want to ask if are you supporting the subscription payment or I need to assemble I want to check my customer $60 every month so I should make a account every month or you can support that. I know we actually support subscriptions as well using that same method. So you set up a vault and then you can attach a subscription with a plan and even add add-ons and free period free trial periods and all that's available as well using the same method. Last question. Hello. Yeah how we can manage the reverse payment. If I have to revert I charge a credit card and then somehow I have to reverse the money. Yeah we do. It supports charge back charge backs through the SDK as well. That is different SDK. So yeah through the SDK and even through the the web interface the dashboard you can do you can do a charge back through that as well. Okay. Right thank you. Steven you have any other slide to show. Yes. The two best ones. So eight big cats with lasers. This is what you do on planes for 14 hours and that's me. Thank you.